
Remove three bytes from PKCS#11 ECPoint string

The CKA_EC_POINT is defined as 'DER encoded X9.62 octet string',
which means it has a DER preamble and also a compression indicator.
So we remove these from the result string, and pass it along,
to get a valid ECPoint value for DNS use.
1 parent ba4d623 commit 432808be7bf348726f96b58e926777f4ca0dde59 @cmouse cmouse committed May 16, 2015
Showing with 1 addition and 1 deletion.
  1. +1 −1 pdns/pkcs11signers.cc
@@ -353,7 +353,7 @@ class Pkcs11Token {
d_ecdsa_params = attr[0].str();
if (d_ecdsa_params == "\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07") d_bits = 256;
if (d_ecdsa_params == "\x06\x05\x2b\x81\x04\x00\x22") d_bits = 384;
- d_ec_point = attr[1].str();
+ d_ec_point = attr[1].str().substr(3);
} else {
throw PDNSException("Cannot load attributes for PCKS#11 public key " + d_label);
}
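Review bot: `attr[1].str().substr(3)` drops a fixed three bytes without checking what they are or that the attribute is at least that long. The commit message says those bytes are the DER preamble and the compression indicator, so the code should confirm that before discarding them: byte 0 is the OCTET STRING tag 0x04, byte 1 equals the number of bytes that follow it, and byte 2 is 0x04 for an uncompressed point. On a mismatch, or on a value shorter than three bytes, throw a PDNSException in the same style as the existing "Cannot load attributes" path instead of passing a mis-sliced point on to DNS use. The fixed offset also depends on a one-byte DER length, which holds for the 65-byte and 97-byte points of the two curves matched above but is not enforced when `d_ecdsa_params` matches neither and `d_bits` stays unset. A short comment at the `substr(3)` call naming the three bytes would keep the magic number from being misread later.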
